Re: [exim] Exiscan processing

Page principale
Supprimer ce message
Répondre à ce message
Auteur: Alan J. Flavell
Date:  
À: Simon Windsor
CC: Exim users list
Sujet: Re: [exim] Exiscan processing
On Thu, 3 Mar 2005, Simon Windsor wrote:

> I have noted from the documentation that Exim/Exiscan bounces Spam
> and viral email.


It does not "bounce" it (in the sense of composing a non-delivery
report to its envelope-sender address); rather, it "rejects" it (with
a 5xx code at SMTP time). The distinction is vitally important.

It's madness to literally "bounce" spam or viruses. Formerly known as
"collateral", and now more-often referred to by the (IMHO unfortunate)
term of "backscatter". (Myself I think the term "collateral" was more
apt).

See http://www.ja.net/CERT/JANET-CERT/mail/junk/collateral.html and
*note the date*. This important message is taking *far* too long to
percolate through the heads of certain mail admins.

> Whilst this is good, is it possible to send a short message to the
> designated recipient advising an email from 'sender' was blocked to
> due spam/virus detection?


I'm glad I'm not one of your users, then.

See http://www.timj.co.uk/linux/sa.php and particularly
http://www.attrition.org/security/rant/av-spammers.html

Reports in *either* direction are bad. If the sender is genuine,
they'll find out soon enough that you *rejected* (not "bounced") their
mail. What they do then is up to them.

That's assuming that you're talking about mail that's incoming from a
peer MTA. If you're talking about mail submission from an MUA by one
of your own users, then the idea of notifying the intended victim is
even more absurd, I'd have to say. We'd happily blacklist your MTA
for that!

best regards